Which THREE of the following are typical steps in a qualitative risk assessment?
Rating scales (e.g., 1-5) are qualitative.
Why this answer
Qualitative assessment uses rating scales instead of monetary values. Identifying assets and threats, estimating likelihood and impact using scales, and prioritizing based on risk ratings are steps. Assigning monetary values and calculating ALE are quantitative steps.